The saga of Java and its inherent vulnerabilities goes on unabated. The latest Java update includes patches for no fewer than 37 security holes, and those are just the ones that have been identified. I’d love to know just how many individual patches Oracle has released over the past couple of years in what is seemingly a futile attempt to shore up its seriously flawed software… the words “colander” and “sieve” spring to mind.
According to Oracle’s official announcement, 4 of the 37 Java vulnerabilities received a Common Vulnerability Scoring System (CVSS) rating of 10.0, the highest/most severe possible.
Another 37 Reasons Why You Should Junk Your Java
If you have not yet rid your machine of the threat magnet known as Java, I suggest you revisit an earlier article written by our very own fearless leader: You should junk your Java!
That is the best possible solution, but if you simply cannot live without Java, then at least make sure to get the latest update installed as soon as possible. For Java 7 (the version most users will have installed) this will be update 55. For the newer ‘feature release’ version Java 8 (which doesn’t support XP) it will be update 5.
You should be able to identify which Java version is installed on your machine by looking it up in the list of installed programs (in Windows 7, that is Start > Control Panel > Programs and Features) or via the Java Control Panel. If you’re still not sure which version is installed on your machine, you can double-check it here: https://www.java.com/en/
*NOTE: Updating from within the Java Control Panel includes installation of the Ask Toolbar crapware by default, so make sure to deselect that option.
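For anyone checking more than one machine, the version check above can be scripted. The following is an added example, not part of the original article: it parses the banner printed by `java -version` and compares it with the update levels named above (Java 7 update 55, Java 8 update 5). The function names and sample banners are constructed for illustration.

```python
import re

# Minimum patched update per Java major version, taken from the article.
BASELINE = {7: 55, 8: 5}

# Matches the legacy version string, e.g.  java version "1.7.0_51"
_VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?')


def parse_java_version(banner):
    """Return (major, update) from `java -version` output, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major = int(m.group(1))
    # A base release such as "1.8.0" carries no "_NN" update suffix.
    update = int(m.group(2)) if m.group(2) else 0
    return major, update


def assess(banner):
    """Classify a banner as 'patched', 'outdated', 'no-baseline' or 'unparsed'."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unparsed"
    major, update = parsed
    if major not in BASELINE:
        return "no-baseline"  # the article names no update for this version
    return "patched" if update >= BASELINE[major] else "outdated"


# Constructed sample banners (not captured from real machines).
SAMPLES = [
    'java version "1.7.0_51"',
    'java version "1.7.0_55"',
    'java version "1.8.0"',
    'java version "1.8.0_05"',
    'java version "1.6.0_45"',
    "'java' is not recognized as an internal or external command",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{assess(s):12} {s}")
```

Note that `java -version` writes its banner to standard error, so redirect stderr when capturing it for this check.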
Also, here are two options persistent Java users might consider to help mitigate the risk:
- Universally disable Java for all sites and only re-enable it for specific sites. Browser-specific instructions here: https://www.java.com/en/download/help/disable_browser.xml
- Utilize two browsers, one without Java for everyday use and one with Java enabled to use with only those sites where it is essential.
For those users who may experience problems upgrading or removing Java, here is a link to a nice little freeware tool called JavaRA: http://singularlabs.com/software/javara/
Update or remove, it’s entirely up to you, but please do one or the other, and soon.